|
195021
|
8.8 |
HIGH
Network
|
mozilla
|
thunderbird
firefox
firefox_esr
|
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
|
CWE-909
Missing Initialization of Resource
|
CVE-2021-23994
|
2024-11-21 14:52 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195022
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2021-23993
|
2024-11-21 14:52 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195023
|
4.3 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user I…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2021-23992
|
2024-11-21 14:52 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195024
|
6.8 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an em…
|
NVD-CWE-Other
|
CVE-2021-23991
|
2024-11-21 14:52 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195025
|
5.4 |
MEDIUM
Network
|
codecabin
|
wp_go_maps
|
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site S…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24383
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195026
|
5.3 |
MEDIUM
Network
|
wphappycoders
|
comments_like_dislike
|
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user…
|
-
|
CVE-2021-24379
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195027
|
4.8 |
MEDIUM
Network
|
autoptimize
|
autoptimize
|
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privil…
|
-
|
CVE-2021-24378
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195028
|
8.1 |
HIGH
Network
|
autoptimize
|
autoptimize
|
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to pro…
|
-
|
CVE-2021-24377
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195029
|
9.8 |
CRITICAL
Network
|
autoptimize
|
autoptimize
|
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extract…
|
-
|
CVE-2021-24376
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195030
|
5.3 |
MEDIUM
Network
|
automattic
|
jetpack
|
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was f…
|
-
|
CVE-2021-24374
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
